OWASP Bay Area will host its next meeting at the Stanford University Alumni Association Center on Thursday, December 13. As usual, attendance is free, and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.

As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download of a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems, leading to the exfiltration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising threat, we identify the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user-contributed content, advertising and third-party widgets. For each of these areas, we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat.

'''Bio:'''<br/>

Based out of Mt. View, Niels Provos is a Senior Staff Engineer at Google, Inc. His interests include research in Web-Based Malware, Distributed Denial of Service, Steganography, Cryptography and Computer and Network Security. Niels studied Physics and Mathematics at University of Hamburg, Germany, and attended the University of Michigan as a graduate student, where he earned both his Master's in Computer Science and his Ph.D. in Computer Science. He has published countless research papers and recently authored the book Virtual Honeypots: From Tracking Botnets to Intrusion Detection.

'''Ph.D. Student Presentations'''<br/>

Presented by: Adam Barth & Collin Jackson, Stanford University<br/>

Preview of OWASP Bay Area, Mandeep Khera<br/>

Mandeep will provide an outline of the goals and objectives for local OWASP affiliates in 2008.

Please RSVP by responding to this email or by visiting http://owaspdec2007.eventbrite.com

Special thanks to Stanford University Alumni Association for hosting this event and to Cenzic and AppSec Consulting for sponsoring.